Would be interesting to know how Apache Directory handles the Kerberos 5 authentication.
"Besides LDAP it supports Kerberos 5 and the Change Password Protocol." [1] I suspect it uses the built-in JVM support for kerberos though. Kerberos is a pretty horrible beastie and there's a lot that underpins simple commands like 'kinit'. [1] http://directory.apache.org/
